← Home

google-closure-compiler

npm Repository Homepage

Check, compile, optimize and compress Javascript with Closure-Compiler

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

chadhikesblicklylharker

Keywords

javascriptcompileroptimizerminifierclosuregulpplugingruntplugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:chalk AI (phantom-deps): chalk is a legitimate runtime dep used by the gulp plugin interface in this package; phantom-dep analyzer does not traverse all entry points in this ESM wrapper package. ai
phantom-deps phantom-dep:vinyl AI (phantom-deps): vinyl is a legitimate runtime dep for the gulp plugin interface; false positive due to incomplete source traversal by the analyzer. ai
phantom-deps phantom-dep:vinyl-sourcemaps-apply AI (phantom-deps): vinyl-sourcemaps-apply is a legitimate runtime dep for sourcemap support in the gulp plugin; false positive due to incomplete source traversal. ai
phantom-deps phantom-dep:google-closure-compiler-java AI (phantom-deps): google-closure-compiler-java is the sibling Java JAR package invoked via subprocess/path resolution, not direct import. This is the documented architecture of the closure-compiler-npm package family. ai
semgrep semgrep:child-process-import AI (semgrep): child_process use in contrib/nodejs/cluster.js is legitimate — this is a Node.js externs file for a compiler tool, not malicious code. ai

Versions (showing 100 of 320)

Version Deps Published
20191111.0.0 9 / 11
20191027.0.0 9 / 11
20190929.0.0 9 / 11
20190909.0.0 9 / 11
20190819.0.0 9 / 11
20190729.0.0 9 / 11
20190709.0.0 9 / 11
20190618.0.0 9 / 11
20190528.1.0 9 / 11
20190528.0.0 8 / 11
20190513.0.0 8 / 11
20190415.0.0 8 / 11
20190325.0.0 8 / 11
20190301.0.0 8 / 11
20190215.0.2 8 / 11
20190215.0.1 8 / 11
20190121.0.0 8 / 11
20190106.0.0 8 / 11
20181210.0.0 8 / 11
20181205.0.0 8 / 11
20181125.1.0 8 / 11
20181125.0.1 8 / 11
20181028.0.1 8 / 11
20181028.0.0 8 / 11
20181008.0.0 6 / 10
20180910.1.0 6 / 9
20180910.0.0 6 / 9
20180805.0.0 6 / 9
20180716.0.1 5 / 9
20180716.0.0 6 / 8
20180610.0.2 3 / 9
20180610.0.1 3 / 9
20180610.0.0 3 / 9
20180506.0.0 3 / 9
20180402.0.0 3 / 9
20180319.0.0 3 / 9
20180204.0.0 3 / 9
20180101.0.0 3 / 9
20171203.0.0 3 / 9
20171112.0.0 3 / 9
20171023.0.1 3 / 9
20171023.0.0 3 / 9
20170910.0.0 3 / 9
20170806.0.0 3 / 9
20170626.0.0 3 / 9
20170521.0.0 3 / 9
20170423.0.0 3 / 9
20170409.0.0 3 / 9
20170218.0.0 3 / 10
20170124.0.0 3 / 10
20161201.0.0 3 / 10
20161024.3.0 3 / 10
20161024.2.0 3 / 10
20161024.1.0 4 / 10
20161024.0.0 5 / 10
20160911.0.0 5 / 10
20160822.2.0 5 / 10
20160822.1.0 5 / 10
20160822.0.0 5 / 10
20160713.3.0 5 / 10
20160713.2.0 5 / 10
20160713.1.0 5 / 10
20160713.0.0 5 / 10
20160619.0.0 5 / 10
20160517.1.0 5 / 10
20160517.0.0 5 / 10
20160315.2.0 5 / 10
20160315.1.0 5 / 10
20160315.0.0 5 / 10
20160208.7.0 5 / 10
20160208.6.0 5 / 10
20160208.5.0 5 / 10
20160208.4.0 5 / 10
20160208.3.0 5 / 10
20160208.2.0 5 / 10
20160208.1.0 6 / 10
20160208.0.0 6 / 10
20160125.0.0 6 / 10
20151216.2.0 6 / 10
20151216.1.0 5 / 10
20151216.0.0 5 / 10
20151130.6.0 5 / 10
20151130.5.0 5 / 10
20151130.4.0 5 / 10
20151130.3.0 5 / 10
20151130.2.0 5 / 10
20151130.1.0 5 / 10
20151130.0.0 5 / 10
20151128.4.0 5 / 10
20151128.3.0 5 / 10
20151128.2.0 5 / 10
20151128.1.0 5 / 10
20151128.0.0 5 / 10
20151125.1.0 5 / 9
20151125.0.0 5 / 9
20151123.1.0 4 / 9
20151123.0.0 4 / 9
20151122.6.0 4 / 9
20151122.5.0 4 / 9
20151122.4.0 4 / 9
Showing 100 of 320 Next page →

v20181008.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.